Cookiebot™ Consent Solution

Cookie consent is required under multiple data privacy laws, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA/CPRA) in the United States. The purpose of cookie consent is to inform users about the use of cookies and trackers on a website and give them the option to accept or decline the use of cookies. Users must provide their consent before cookies can be used to collect their data. The cookie consent notification usually appears as a banner or pop-up message that the user can interact with to accept or decline the use of cookies.

A cookie consent solution, also called consent management platform, ensures compliance with data privacy regulations like the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States.

A CMP solution also enables companies to customize the cookie banner or pop-up notification that appears on their website or app, ensuring that users are provided with clear and transparent information about the types of data that will be collected, how it will be used, and who it will be shared with. This helps to build trust with users and increases transparency around data collection and processing activities.

A cookie consent management solution enables you to demonstrate the collected consent of the website visitors in case of an audit of data processing activities and regulatory compliance.

According to the GDPR, consent must be:

• Explicit: Active acceptance, e.g. ticking a box or clicking a link.
  
• Informed: Who, what, why, for how long?
  
• Documented: The website operator has the burden of proof in the case of an audit. Ensure consents are securely documented and stored.
  
• In advance: No data is collected before the user has consented, i.e. cookies cannot be set on the website before the user consent or if they decline.
  
• Granular: Separate consent for each individual purpose, i.e. consent cannot be bundled with other purposes or activities.
  
• Freely given: Provide “Accept” and “Deny” options, e.g. buttons, that are equally displayed and accessible.
  
• Easy to decline or withdraw: Opting out must be as easy to do as opting in.

Cookiebot CMP is designed to be easy to use for the average user and not require a lot of technical expertise. It can be implemented on your website in 3 steps after you’ve created an account.

1. Add your website to the Cookiebot CMP Manager
2. Customize your cookie banner settings or select from our predefined options
3. Add the cookie banner script into your website’s code by following the easy instructions on the “Your scripts” tab

To help, we’ve prepared this Getting Started guide with detailed explanations of the setup.

When a website visitor (user) submits a consent from your website(s), the following data is automatically logged at Cookiebot CMP:

• user’s IP number in anonymized form (by removing the last 16 bit of IPv4 addresses and by removing the last 96 bit of IPv6 addresses)
• date and time of the consent
• user agent of the user’s browser
• URL from which the consent was submitted
• an anonymous, random and encrypted key value
• user’s consent state, serving as proof of consent

The key is used for proof of consent and is an option to verify the consent state stored in the user’s browser.

The GDPR requires that all consents must be retained for a period of 5 years, serving as essential documentation to substantiate consent if required. In addition, retaining historical consents is crucial in the event of an audit of your website by data protection authorities.

Using a cookie consent solution like Cookiebot CMP, end users can withdraw consent as easily as they gave it, which is a core GDPR cookie consent requirement in the EU.